> A quick search will provide plenty of articles about the subject.
Thanks, I had actually thought of using a search engine (as somebody
put it, part of the fun with configuring OpenLDAP is that you
definitely have to).
What I cannot find (yet) is whether there is a way to require StartTLS
only for external connections and allow it plain on the local network?
The reason why I (think I) need both is that many third-party apps on
the server (PHP applications typically) do not easily manage StartTLS.
Meanwhile, having two different ports makes it easier to manage via iptables.